Ensurepass
2017 July ISC Official New Released CAP Q&As
100% Free Download! 100% Pass Guaranteed!
http://www.ensurepass.com/CAP.html

Certified Authorization Professional

QUESTION 161

Which of the following formulas was developed by FIPS 199 for categorization of an information type?

 

A. SC information type = {(confidentiality, controls), (integrity, controls), (authentication, controls)}
B. SC information type = {(confidentiality, impact), (integrity, impact), (availability, impact)}
C. SC information type = {(confidentiality, risk), (integrity, risk), (availability, risk)}
D. SC information type = {(Authentication, impact), (integrity, impact), (availability, impact)}

 

Correct Answer: B

 

 

QUESTION 162

Which of the following is NOT considered an environmental threat source?

 

A. Pollution
B. Hurricane
C. Chemical
D. Water

 

Correct Answer: B

 

 

QUESTION 163

Which of the following is NOT a type of penetration test?

 

A. Cursory test
B. Partial-knowledge test
C. Zero-knowledge test
D. Full knowledge test

Correct Answer: A

 

 

QUESTION 164

Which of the following formulas was developed by FIPS 199 for categorization of an information system?

 

A. SC information system = {(confidentiality, impact), (integrity, controls), (availability, risk)}
B. SC information system = {(confidentiality, impact), (integrity, impact), (availability, impact)}
C. SC information system = {(confidentiality, controls), (integrity, controls), (availability, controls)}
D. SC information system = {(confidentiality, risk), (integrity, impact), (availability, controls)}

 

Correct Answer: B

 

 

QUESTION 165

Which of the following NIST documents defines impact?

 

A. NIST SP 800-53
B. NIST SP 800-26
C. NIST SP 800-30
D. NIST SP 800-53A

 

Correct Answer: C

 

 

QUESTION 166

Which of the following relations correctly describes residual risk?

 

A. Residual Risk = Threats x Vulnerability x Asset Gap x Control Gap
B. Residual Risk = Threats x Exploit x Asset Value x Control Gap
C. Residual Risk = Threats x Exploit x Asset Value x Control Gap
D. Residual Risk = Threats x Vulnerability x Asset Value x Control Gap

 

Correct Answer: D

 

 

QUESTION 167

Which of the following is NOT a phase of the security certification and accreditation process?

 

A. Initiation
B. Security certification
C. Operation
D. Maintenance

 

Correct Answer: C

 

 

QUESTION 168

Which of the following processes has the goal to ensure that any change does not lead to reduced or compromised security?

 

A. Change control management
B. Security management
C. Configuration management
D. Risk management

 

Correct Answer: A

 

 

QUESTION 169

Which of the following is not a part of the Identify Risks process?

 

A. System or process flow chart
B. Influence diagram
C. Decision tree diagram
D. Cause and effect diagram

 

Correct Answer: C

 

 

QUESTION 170

In which of the following phases does the SSAA maintenance take place?

 

A. Phase 3
B. Phase 2
C. Phase 1
D. Phase 4

 

Correct Answer: D
